Security firm issues warning about fake Nimda fix

Computer security firm SecurityFocus said it is not the author of an e-mail and file attachment claiming to be a fix for the recent Nimda worm.

In a warning posted to the company's "Incidents" mailing list yesterday, the San Mateo, California-based company said it believes the attachment could be a Trojan horse program that could damage users' systems if opened.

SecurityFocus said the e-mail claims to come from it as well as from Cupertino, California-based antivirus firm TrendMicro Inc.

"The messages come with an executable attachment named FIX_NIMDA.exe," SecurityFocus said in the warning. "Do not run this attachment. These messages do not come from us or TrendMicro, as a quick check of the headers will reveal. Common sense and best practices indicate that you should not execute any code that come[s] via e-mail unless you authenticate the source of the message."

The Nimda worm -- reports of which first began flooding into mailing lists and security firms two weeks ago -- is a mass-mailed piece of malicious code that infects systems running Microsoft's Windows 95, 98, ME, NT and 2000.

Unlike other worms and viruses, Nimda is capable of spreading via both network-based e-mail and Web browsers. It was also written to scan for and exploit back doors left behind by previous viruses such as Code Red and Sadmind.

Join the newsletter!

Error: Please check your email address.

More about MicrosoftSecurityFocus

Show Comments